<?php
/**
 * Zend Framework
 * LICENSE
 * This source file is subject to the new BSD license that is bundled
 * with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://framework.zend.com/license/new-bsd
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@zend.com so we can send you a copy immediately.
 * @category Zend
 * @package Zend_Auth
 * @subpackage Zend_Auth_Adapter_Http
 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
 * @version $Id: File.php 24593 2012-01-05 20:35:02Z matthew $
 */
/**
 *
 * @see Zend_Auth_Adapter_Http_Resolver_Interface
 */
require_once 'Zend/Auth/Adapter/Http/Resolver/Interface.php';

/**
 * HTTP Authentication File Resolver
 * @category Zend
 * @package Zend_Auth
 * @subpackage Zend_Auth_Adapter_Http
 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
 */
class Zend_Auth_Adapter_Http_Resolver_File implements Zend_Auth_Adapter_Http_Resolver_Interface {

    /**
     * Path to credentials file
     * @var string
     */
    protected $_file;

    /**
     * Constructor
     * @param string $path Complete filename where the credentials are stored
     * @return void
     */
    public function __construct ($path = '') {
        if ( ! empty ($path)) {
            $this -> setFile ($path);
        }
    }

    /**
     * Set the path to the credentials file
     * @param string $path
     * @throws Zend_Auth_Adapter_Http_Resolver_Exception
     * @return Zend_Auth_Adapter_Http_Resolver_File Provides a fluent interface
     */
    public function setFile ($path) {
        if (empty ($path) ||  ! is_readable ($path)) {
            /**
             *
             * @see Zend_Auth_Adapter_Http_Resolver_Exception
             */
            require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
            throw new Zend_Auth_Adapter_Http_Resolver_Exception ('Path not readable: ' . $path);
        }
        $this -> _file = $path;
        return $this;
    }

    /**
     * Returns the path to the credentials file
     * @return string
     */
    public function getFile () {
        return $this -> _file;
    }

    /**
     * Resolve credentials
     * Only the first matching username/realm combination in the file is
     * returned.
     * If the file contains credentials for Digest authentication,
     * the returned string is the password hash, or h(a1) from RFC 2617. The
     * returned string is the plain-text password for Basic authentication.
     * The expected format of the file is:
     * username:realm:sharedSecret
     * That is, each line consists of the user's username, the applicable
     * authentication realm, and the password or hash, each delimited by
     * colons.
     * @param string $username Username
     * @param string $realm Authentication Realm
     * @throws Zend_Auth_Adapter_Http_Resolver_Exception
     * @return string false shared secret, if the user is found in the
     *         realm, false otherwise.
     */
    public function resolve ($username, $realm) {
        if (empty ($username)) {
            /**
             *
             * @see Zend_Auth_Adapter_Http_Resolver_Exception
             */
            require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
            throw new Zend_Auth_Adapter_Http_Resolver_Exception ('Username is required');
        } else 
            if ( ! ctype_print ($username) || strpos ($username, ':') !== false) {
                /**
                 *
                 * @see Zend_Auth_Adapter_Http_Resolver_Exception
                 */
                require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
                throw new Zend_Auth_Adapter_Http_Resolver_Exception ('Username must consist only of printable characters, ' . 'excluding the colon');
            }
        if (empty ($realm)) {
            /**
             *
             * @see Zend_Auth_Adapter_Http_Resolver_Exception
             */
            require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
            throw new Zend_Auth_Adapter_Http_Resolver_Exception ('Realm is required');
        } else 
            if ( ! ctype_print ($realm) || strpos ($realm, ':') !== false) {
                /**
                 *
                 * @see Zend_Auth_Adapter_Http_Resolver_Exception
                 */
                require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
                throw new Zend_Auth_Adapter_Http_Resolver_Exception ('Realm must consist only of printable characters, ' . 'excluding the colon.');
            }
        // Open file, read through looking for matching credentials
        $fp = @fopen ($this -> _file, 'r');
        if ( ! $fp) {
            /**
             *
             * @see Zend_Auth_Adapter_Http_Resolver_Exception
             */
            require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
            throw new Zend_Auth_Adapter_Http_Resolver_Exception ('Unable to open password file: ' . $this -> _file);
        }
        // No real validation is done on the contents of the password file. The
        // assumption is that we trust the administrators to keep it secure.
        while (($line = fgetcsv ($fp, 512, ':')) !== false) {
            if ($line[0] == $username && $line[1] == $realm) {
                $password = $line[2];
                fclose ($fp);
                return $password;
            }
        }
        fclose ($fp);
        return false;
    }

}
